Connecting to WPA-EAP with no certificate in Linux

Posted on by Flinner Yuu 2 mins read

DISCLAIMER: I am no network expert! take with a grain of salt, and I hold no responsibility for any of what is written here, do NOT do what is written here :).

tf, why would anyone do that?

Well, the first thing to do is to check with your IT department for the certificate. In my case, the IT dudes didn't know where to get the cert, so here we go…

works everywhere?

No, ig I will just share this with people in my college who happen to use Linux (what are the odds huh?).

You can try and see though, nothing to lose (apart from your time).

Using wpa-wupplicant

With sudo permissions, open /etc/wpa_supplicant/wpa_supplicant.conf and add the following. (change things between ** s)

  network={
      scan_ssid=1
      ssid="*NETWORK_NAME*"
      key_mgmt=WPA-EAP
      mode=0
      auth_alg=OPEN
      scan_ssid=1
      eap=PEAP
      identity="*USERNAME*"
      password="*PASSWORD*"
      phase2="auth=MSCHAPV2"
  }

A bit more security

Anyone can super easily spoof that network, and you will send your password+username in clear text :\

We need a way to connect once to the network and somehow make sure the certificate doesn't change. Even if we don't have the cert, we can use its hash. (TODO: new post about getting certificate!).

  sudo wpa_supplicant -D nl80211 -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

After Connecting, you will get few logs like this:

  
  wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/O=Unknown/OU=Unknown/CN=heh-heh-he-09'
  hash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXFXXXXXXXXXXXXXXXXXXXX

Extract the hash and add it to your wpa_supplicant.conf

  network = {
     [...] # Truncated
      ca_cert="hash://server/sha256/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXF"
     [...]
  }

TADA!

You've made it!

Until I get around extracting the certificate, here is a starter:

Add this at the top of your wpa_supplicant.conf.

  ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

Obviously comment any ctrl_interface property, if any is present.

Start the wpa_cli

$ wpa_cli

Connect to the network using wpa_supplicant (same command as above), in the logs you will see something like:

CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/O=Unknown/OU=Unknown/CN=LOL-LMA-42-69' cert=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

That is the certificate. Convert it to the format you want, this is left as an exercise to the reader (TODO: Do it myself).